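<?php
    // Gallery upload page.
    //
    // Logged-in users (per isLogin()) may upload one image in the 'subor' form
    // field together with a free-text description. The file is stored under
    // images/gallery/, a 128x128 thumbnail is requested from CreateThumbnail(),
    // and a row is inserted into $gal_tbl. Anonymous visitors are redirected to
    // index.php.
    //
    // Security notes:
    //  - $_FILES[...]['type'] and the extension of $_FILES[...]['name'] are sent
    //    by the client, so neither is used to decide what gets written to disk.
    //    The image type is detected from the file content and the stored
    //    extension comes from a fixed whitelist.
    //  - Every value placed in the SQL statement is escaped on the open
    //    connection.
    //  - NOTE(review): ext/mysql was removed in PHP 7. It is kept here because the
    //    rest of the project is not visible from this file; moving to PDO or
    //    mysqli prepared statements is the preferred long-term fix.
    //  - NOTE(review): the form carries no anti-CSRF token. Add a per-session
    //    token and verify it before accepting the upload.
    //  - NOTE(review): also disable script execution for images/gallery/ in the
    //    web server configuration as defence in depth.
    include("includes/conf.inc.php");
    include("includes/function.php");
    session_start();

    if (isLogin())
    {
      if (isset($_FILES['subor']))
      {
        $upload = $_FILES['subor'];
        $uid = $_SESSION['uid'];
        $dir = "images/gallery/";
        // A non-string description (e.g. description[]=x) is treated as empty.
        $desc = (isset($_POST['description']) && is_string($_POST['description']))
          ? $_POST['description']
          : '';

        // Image types accepted for storage, mapped to the extension written to
        // disk. Extend only with formats CreateThumbnail() is known to handle.
        $allowed = array(
          IMAGETYPE_GIF  => '.gif',
          IMAGETYPE_JPEG => '.jpg',
          IMAGETYPE_PNG  => '.png',
        );

        // Inspect the temporary file only if PHP reports a clean, single-file
        // HTTP upload; getimagesize() returns false for non-image content.
        $info = false;
        if (isset($upload['error']) && !is_array($upload['error'])
            && $upload['error'] === UPLOAD_ERR_OK
            && is_uploaded_file($upload['tmp_name']))
        {
          $info = getimagesize($upload['tmp_name']);
        }

        if ($info !== false && isset($allowed[$info[2]]))
        {
          $ext = $allowed[$info[2]];

          // getFileName() lives in includes/function.php and is not visible
          // here, so its result is treated as untrusted: anything outside
          // [A-Za-z0-9_-] is replaced. This removes path separators and any
          // extra dots, so a name such as "x.php.jpg" cannot keep an inner
          // extension.
          $name = preg_replace('/[^A-Za-z0-9_-]/', '_', (string) getFileName($upload['name']));
          $name = substr((string) $name, 0, 100);
          if ($name === '')
          {
            $name = 'image';
          }

          // Pick the first free name: name.ext, name0.ext, name1.ext, ...
          $filename = $name.$ext;
          $i = 0;
          while (file_exists($dir.$filename))
          {
            $filename = $name.$i.$ext;
            $i++;
          }

          if (move_uploaded_file($upload['tmp_name'], $dir.$filename))
          {
            CreateThumbnail($filename, 128, 128);

            $sid = mysql_connect($db_host, $db_usr, $db_pass);
            if ($sid && mysql_select_db($db_name, $sid))
            {
              // mysql_real_escape_string() escapes for the connection's
              // character set; NOTE(review): confirm the charset is set with
              // mysql_set_charset() rather than "SET NAMES".
              // The description is stored as submitted and must be HTML-escaped
              // (htmlspecialchars) wherever it is rendered.
              $query = "INSERT INTO $gal_tbl VALUES(NULL, '"
                . mysql_real_escape_string((string) $uid, $sid) . "', '"
                . mysql_real_escape_string($filename, $sid) . "', '"
                . mysql_real_escape_string($desc, $sid) . "')";

              if (mysql_query($query, $sid))
              {
                echo "Image upload successfull!";
              }
              else
              {
                // Keep driver errors in the server log, not in the response.
                error_log("gallery upload: insert failed: ".mysql_error($sid));
                echo "Upload failed!";
              }
            }
            else
            {
              error_log("gallery upload: database unavailable: ".mysql_error());
              echo "Upload failed!";
            }
          }
          else
          {
            echo "Upload failed!";
          }
        }
        else
        {
          echo "Invalid file format !";
        }
      }
      else
      {
         echo "<form method='post' enctype='multipart/form-data'>
         <input type='file' name='subor' />
         <textarea name='description'></textarea>
         <input type='submit' value='upload' />
         </form>";
      }
    }
    else
    {
      header("Location: index.php");
    }
?>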